Posted by emmett on Saturday July 22, 2000 @04:24PM
from the /j-#ircaddict dept.

WD_40 writes: "A new product called ChatScan (housed at eNow.com) allows you to browse chatrooms on IRC for specific content. The idea is to make it easier to find relevant conversations by logging thousands of chatrooms over many different networks. I suppose it should also be easy for the FBI, for example, to peruse chat channels to find out who's talking about building bombs (or Metallica to find those evil MP3 traders). Is this a handy tool, or possibly an invasion of privacy?" Um, maybe if you're interested in privacy you shouldn't be on IRC?

I don't think we have too much to worry about. I checked under the topic spirituality and came up with channels like "dreamcast-gods" and "mp3-heaven". And for some reason, nearly all the channels it scans seem to be in Spanish.

Perhaps the signal/noise ratio on IRC is way too low to worry much about privacy.

We have received numerous questions and comments from members of various IRC communities. Many of the issues raised by the communities are the same ones that we discuss internally on a regular basis. We take these issues seriously and are very interested in initiating a dialogue with you and your community. As a starting point, we would like to clarify many of the misconceptions about ChatScan by addressing the most frequently raised issues surrounding ChatScan. The following are answers to the concerns that have been raised:

What Is ChatScan All About?

ChatScan enables users to search ongoing public chat-conversations for real-time dialogue about subjects of interest to them. By using the ChatScan Services, users may search chats for their favorite topic or browse a real time chat directory. The ChatScan's search functionality enables users to search in real time for a specific topic being discussed in public chat channels, across a multitude of networks. The users can then instantaneously join on-going conversations discussing their favorite topics, by using either mIRC or the ChatScan client. ChatScan's Live Directory is a real time directory of chat channels, organized by categories. The Live Directory includes a preview of on-going conversations and enables users to easily find chats of interest. The ChatScan service is a free service and does not require any registration by the user.

See www.chatscan.com for more information and a beta version of these services.

What Is Unique About eNow's Search Functionality?

eNow allows users to search across multiple networks. It also prioritizes rooms that are currently active over rooms that no one is talking in at the moment. But most important - eNow allows users to search the content of the conversations in chat channels, not simply the names of the channels.

What Do eNow's Bots Do?

Making chats searchable in real time is achieved through advanced search technology and the use of friendly bots. The bots perform the following two functions: (1) "Transient" bots gauge the activity in public channels to ensure that users find "hot" rooms with on-going conversations. Therefore, transient bots will enter public channels for less than a minute approximately once an hour. (2) "Persistent" bots attend selected public channels in order to index on-going conversations. The index contains the main words that were mentioned in the last 5 minutes of each conversation. The actual messages of the channels and any data older than 5 minutes are discarded.

What eNow's Bots Do Not Do?

eNow's bots do not log the on-going conversations.

eNow's bots do not talk and do not actively participate in conversations.

eNow's bots do not engage in any unwanted activities, such as: cloning, flooding, solicitation, advertising and mass messaging.

eNow's bots do not attend any form of private chat.

Will eNow's Bots Be Identifiable?

eNow is working on making its bots and clients reply to VERSION and PING CTCP messages. eNow intends to define a naming convention for its bots together with IRC networks.

What Is The Effect Of ChatScan's Bots On IRC Networks' Resources?

At any given time the amount of bandwidth that eNow's bots use is minute. Currently, ChatScan does not use more than 100 concurrent connections across all IRC networks. eNow is also in the process of implementing a restriction of two connections per server and 20 per network. The bandwidth used by ChatScan from even the largest networks never exceeds an aggregate of 5KB across all servers of the network. Considering the size and the traffic of large IRC networks these resources are negligible. Moreover, in the near future, eNow will be providing servers hosted by eNow to qualified IRC networks that have legitimate concerns with ChatScan's consumption of their resources. eNow will ensure that all ChatScan connections will be directed to those servers.

Does eNow Make Money From The IRC Communities?

eNow does not derive any revenues from the IRC communities and currently does not advertise on the ChatScan client or Web site. eNow is developing IRC related services that will be free to the IRC networks. In the future, eNow plans to generate revenue by charging for similar services provided to commercial communities based on eNow's proprietary technology.

How Can ChatScan Benefit IRC Communities?

If we work together, we are confident that you will find that ChatScan is an exciting new tool that can greatly enhance your IRC community and improve your chatters' user-experience. Among the myriad of possibilities, ChatScan's search capabilities and ChatScan's Live Directory, can be personalized by making the services "Network-Specific", and incorporated into your community's web pages. In addition, eNow is willing to provide you with the applications and support necessary to turn your community Web pages into your "community portal."

As I mentioned above, we are very interested in initiating a dialogue with you that will result in a win-win relationship. Please continue to provide us with your feedback, as we consider your input invaluable. If you have additional thoughts, questions etc. regarding ChatScan please contact me at contact@enow.com. I look forward to hearing from you.

Suppose you were an idiot. And suppose that you were a member of Congress. But I repeat myself.

> Um, maybe if you're interested in privacy you shouldn't be on IRC?

That's a clever thing to say, emmett. Following the logic, if you're interested in privacy you shouldn't go on the Internet, register with any kind of authority and instead live a sheltered isolated existence in a bomb shelter on an island off the coast of a 3rd world country.

What logic are you following? Emmett's point was if you say something in a public forum, you shouldn't expect it to be private.

This message is meant for santan and santan only, if you are reading it and are not santan, you have just violated my privacy. If you are Google's [google.com] web spider and have just stored a copy of this message, oh boy you have really violated my privacy.

(Presumably, one could do this even on private channels by running a hacked ircd, doing the snooping at the server -- more efficient, too)

There's a chat system out there with public key crypto on public messages, encryption (symmetric session keys, persistent/signed public keys), and a reasonable mapping of user identifier to username@domain. It's called gale, and there's more info at www.gale.org.

There are a few other chat systems out there with crypto, even some crypto-extensions to IRC. I reviewed [epinions.com] several of them on epinions in January 2000.

Just like security, privacy is an illusion we like to imagine so that we can have our comfort zone. I know that if you do not want general users to find or get in a channel you are in that you want secured, they have modes you can set on the channel leaving the channel invisible and/or locked out to all...except the All Seeing IRCop and chosen few.

The real problem I would see with these scanbots as a mere IRC user, would be IRC becoming a haven for AO-Smell like morons bored with their silly little AO-Smell like rooms. It was bad enough when the floodgates of idiocy were opened up and they infested IRC.

IRC is more analogous to chatting on the subway or at a party. The expectation should be that many people could be listening and some may be rudely recording you. Laws exist about recording conversations on ostensibly private channels, such as the telephone. That does not stop people from recording, it just punishes them when they are caught and convicted.

My philosophy is that unless you are certain of the context in which you are speaking and of the people to whom you are speaking, don't say anything that you wouldn't want to see on the front page of the New York Times or any internet site. It's too bad, I don't like it, but that's the way it is.

Say you work at a store. You chat with your co-worker. You know you're at work, you know your boss might walk in because of that, and since you're in a public place, some people might overhear your conversation. But on the whole, you know that you can still talk about things you'd consider private. People don't tend to eavesdrop, and if they do, you'd notice. Your boss doesn't eavesdrop on your conversations at the coffee machine, even if you work in an office building that has security cameras.

But now let's say you're chatting using your computer. At work your employer has the right to record and analyse everything you've ever typed! And now, in a public place like IRC everyone should have the right to store your conversations? Ouch!!

Let's say you go to a strip club. It's a public place. You might comment upon a specific exotic dancer's impressive features. You wouldn't expect it to be recorded, stored and indexed for semi-eternity, nor would you expect your boss to be able to use a website to search your strip club comments.. Of course, if he were there, well, it's a fair cop, gov, I mean the chances of that are pretty slim aren't they? You wouldn't expect your comments to be widely disseminated. A strip club, though a public place, is not a forum.

But say something in alt.hotties.nude and it's archived by deja.com. Now #nudehotties is next?

It's like they're busy installing cameras and microphones everywhere but inside your actual home, and recording, indexing and publishing it.. First usenet. Then IRC. Your homepage of course, your slashdot comments, your browsing behaviour using cookies, every last scrap of information about you will now be collected unless it's your e-mail.

Perhaps ICQ will have a 'download my message history' button on your personal ICQ homepage next? Why not? It's not like ICQ is private.. I mean, you're talking to someone else right? That could be anybody, so why not let anybody read it?

Being a slashnet [slashnet.org] admin I can safely say that we suffer from it too. Quoting from a mail that came over our operlist:

Okay, I just finished a meeting on Afternet, in regards to these things. Please bear with me, while I finish gathering some information about them. What it appears that they do, is a bunch of bots (between 5 and 15 per host) are loaded and they cycle channels, that are public, and gather information about said public channel, and it's then posted on some webpage somewhere. Like channel name, description, topic, current users, ops, etc. Evidently, it doesn't post channel conversation, that's remaining to be seen. However, it does use up resources, etc, that can be better spent on real users.

In response of that came the following mail of one of our admins (drdink) who did some research:

After some research with deimos and acb, we've discovered some dark secrets of this ChatScan thing. At first, it seems like a nice site which has an ActiveX interface to many IRC channels on many IRC networks. Unfortunately, we've figured out how they get updated information, such as topics and users, for each channel. When a user innocently uses the ActiveX applet, they connect to the destination they believed they were going to (i.e. #slashdot) BUT at the same time, the software connects to OTHER IRC NETWORKS WITHOUT THE KNOWLEDGE OF THE USER and does data gathering there and sends it back to the master site. This is clearly unethical. Using your users' bandwidth without asking or telling them first. I would suggest, since it's going to be impossible to ban every single ISP, that we modify our MOTDs and AUPs (and enforce them) and then send these E-Now characters e-mails.

Only thing I can add to this is that I agree completely with the things said here. I think it's a bad thing that such a 'service' is being advertised on slashdot. But then again, the one that posted the message probably didn't know all this.

Yeah. Or maybe that company should stop violating the usage conditions of the servers, ask before they did it, and generally stop harassing IRC users and admins. If they asked permission to run their bots on a network, they would never be allowed on any medium or big sized net. Problem solved.

Could ChatScan/eNow just be an inconspicuous way for law enforcement to connect to IRC networks? I think without such a pretext, it would actually be non-trivial to connect to IRC networks on a large scale (for indexing/logging) without being detected or arousing suspicions.

Why worry about law enforcement listening in? After all, people shouldn't have an expectation of privacy on IRC. But I think a big concern is that law enforcement may be unfamiliar with the social conventions on IRC and will misinterpret phantasy and bragging as reality.

Several comments discuss the "reasonable expectation of privacy" angle of such a tool. Also, several comments discuss the problems with flyby (/join,/part) and annoyance issues of the petty snoop.

There are four basic kinds of communication on the typical IRC system,

unsecured channel 1-to-N, or "say": You say something in #JoesTavern, all those in #JoesTavern hear you. Anyone can join or part at any time. Laughable to suggest you have reasonable expectation of privacy here, though most would assume they can see a definitive list of who else are in the same channel.

secured channel 1-to-N, or "say": An op has set #JoesBackRoom as mode +s (unlisted), +i (invite), +k (passkey entry), all those in #JoesTavern hear you. If you don't know how to get in, you can't get in. Still, it's a personal-trust-web fanning out from the ops and participants. They may copy or log what's said inside, and who KNOWS who gets that.

/msg channel 1-to-1, or "msg": Any chatter can talk directly to any other chatter on the same network, without forming a separate channel to do so. The messages still go through one or more servers to get routed from Betty to Frank. This has a very weak but plausible expectation of privacy, since there are no 'broadcasts' done to a channel, and the assumption is that only one target may get it. If two people were to coordinate a /nick change without telling Betty, then she could be talking to a different Frank and not realize it until she looks at /whois or other host information. (One person could attack Frank and assume the nick when Frank disappeared.) Some networks try to protect nicks as a sort of property, but identity authentication is still mostly up to the user.

/ctcp dcc 1-to-1, or "dcc chat": After a handshake through the network, the TCP/IP addresses of Betty and Frank can establish a direct computer connection (dcc), and a "genuinely private" 1-to-1 chat channel is formed. Many IRC clients support this handshake, and many users use them to escape the intermediary latencies of the network's servers. Again, it's a trust situation: if Betty doesn't know Frank well, then giving him her network address or any other secrets may be rash on her part.

You can only have a reasonable expectation of privacy if no intermediary servers, or explicit destinations, are compromised with listening agents.

If you alter the IRC server code, you could listen to any of the first three forms of communication, and you can log the TCP/IP addresses of those who try to establish the fourth. Some IRC servers already have completely hint-free snoops like this in place.

If a compromised server then attaches itself as a member of a larger network, by force or by guile, then you have Echelon/Carnivore proportion snooping possible, without one shred of "annoying flyby" behavior detected by the visitors to the network, or even to the other servers on the network.

In short, you HAVE no reasonable expectation of privacy if you use IRC.

When a person posts something on a webpage that isn't password-protected, that person has to be a fool to expect the information on it to remain private. Email, on the other hand, is usually password-protected, and most people expect it to be private.

It is OK for people to know what I said to my friend while I was at a restaurant or another public meeting place. But if it was said while we were inside my house, we should be able to expect that our conversation would remain private.

After all, what would differentiate Carnivore and the FBI opening, reading, and archiving every piece of mail sent through the USPS? Only the ease of execution and cost.

Sorry, I was under the impression that this was the Carnivore thread. I see nothing wrong with archiving IRC conversations, as long as it isn't done on +p (private) or +s (secret) channels. And, of course, as long as people are told that this is being done in the server's MOTD.

This seems like a problem, huh? They don't follow 'no bots' rules, they use up resources, they won't stop, act like jerks about it, and there's no law against it.

But actually there is. Try to sue them for unauthorized use of your resources, in a similar manner as you would for any other kind of denial of service attack. Hey, ebay got its crawlers removed, so maybe it could be worth a try.

About a month back, on an IRC channel I frequent, we (the ops of said channels) discovered someone had been joining the channel multiple times each day, using a different nick and ident each time. This person never said anything, even when directly contacted (private message, notice, DCC, etc.), and remained in the channel until we kicked them for lurking.

Before anyone gets on about paranoia, allow me to explain...

Normally a series of joins from the same subnet isn't a big deal, it happens fairly often, like with a new regular who nick-hops, when a university's internet link lights up, or shortly after some new regional ISP goes live. But this one was different. There were no repeat nick/ident combinations. There was a pattern to the nicks and idents used--a compiled list of all nicks and idents used showed what appeared to be nicks and idents constructed from a common list of name-parts, sometimes nicks were coincidentally later reused as idents and vice-versa. All the joins from the subnet over a period of more than four weeks showed the exact same behaviour: complete lack of non-automatic response. All joins came from the same /24 subnet. Put all that together and it sets off some fairly big alarm bells.

We've since banned that subnet from the channel, but it gives me pause to think that maybe that series of lurkings was part of the initial content-gathering process required for a search engine such as ChatScan.
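The pattern described in the post above can be checked against a channel join log. The following is an added example, not part of the original post: the log tuple format, the thresholds, the function names and the sample data are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample join log (not real data):
# (unix time, nick, ident, source IPv4, spoke or answered a message)
SAMPLE_JOINS = [
    (1000, "darkmoon", "firewolf", "203.0.113.17", False),
    (4600, "starfire", "moonwolf", "203.0.113.52", False),
    (8200, "wolfstar", "darkfire", "203.0.113.9", False),
    (11800, "firewolf", "starmoon", "203.0.113.140", False),
    (15400, "moonstar", "wolfdark", "203.0.113.77", False),
    (19000, "darkwolf", "firemoon", "203.0.113.201", False),
    # A university link lighting up: the same people return, and they talk.
    (1200, "alice", "alice", "198.51.100.4", True),
    (1300, "bob", "bobk", "198.51.100.9", True),
    (5000, "alice", "alice", "198.51.100.4", False),
    (5100, "carol", "cj", "198.51.100.30", True),
    (9000, "bob", "bobk", "198.51.100.12", True),
    (9100, "dave", "dave", "198.51.100.77", False),
    # Too few joins from this subnet to judge either way.
    (2000, "erin", "erin", "192.0.2.8", False),
    (2100, "frank", "fj", "192.0.2.9", False),
]


def shared_part_ratio(names, min_part=3):
    """Fraction of names that split into a head and a tail which both
    also occur (as head or tail) in at least one other name."""
    names = set(names)
    seen_in = defaultdict(set)  # part -> names that contain it
    for name in names:
        for cut in range(min_part, len(name) - min_part + 1):
            seen_in[name[:cut]].add(name)
            seen_in[name[cut:]].add(name)

    def explained(name):
        return any(
            len(seen_in[name[:cut]]) > 1 and len(seen_in[name[cut:]]) > 1
            for cut in range(min_part, len(name) - min_part + 1)
        )

    return sum(explained(n) for n in names) / len(names) if names else 0.0


def suspicious_subnets(joins, min_joins=5, min_signals=3, part_ratio=0.6):
    """Group joins by /24 and report subnets showing several of the
    signals from the post at once."""
    by_net = defaultdict(list)
    for _ts, nick, ident, ip, spoke in joins:
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        by_net[str(net)].append((nick.lower(), ident.lower(), spoke))

    report = {}
    for net, rows in by_net.items():
        if len(rows) < min_joins:
            continue
        pairs = [(n, i) for n, i, _ in rows]
        # Ignore joins where nick == ident; many ordinary users do that.
        as_nick = {n for n, i in pairs if n != i}
        as_ident = {i for n, i in pairs if n != i}
        crossover = sorted(as_nick & as_ident)
        all_names = {n for n, _ in pairs} | {i for _, i in pairs}
        signals = {
            "no_repeat_identity": len(set(pairs)) == len(pairs),
            "nick_ident_crossover": bool(crossover),
            "always_silent": not any(spoke for _, _, spoke in rows),
            "shared_name_parts": shared_part_ratio(all_names) >= part_ratio,
        }
        if sum(signals.values()) >= min_signals:
            report[net] = {
                "joins": len(rows),
                "signals": signals,
                "crossover": crossover,
            }
    return report


if __name__ == "__main__":
    for net, info in suspicious_subnets(SAMPLE_JOINS).items():
        print(net, info)
```

Any single signal also occurs with ordinary users behind a shared ISP range, which is why the check only reports a subnet when several hold together.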

Can you please post those identifying factors? I, too, run an IRC server that I wish to ban those bots from... Maybe we could build something into the IRCd daemon itself to refuse to authenticate anybody using one of those clients? The average X-chat user (or mirc even) would know enough to read the motd and see what's up, what's allowed and stuff, but the chat client they set up won't even display it by default, and I'm sure that more than half their users won't know what an MOTD is, let alone how to display it... -PhaseBurn

Just gone there and tried to look for "PHP". Nothing. "Linux"? Nothing. Yeah right, nobody in the world is saying a word about Linux, what is Linux anyway? And they have astonishing 24 (twenty-four!) channels for all the technology. Which certainly beats 1 (one) channel they have for science. Seems like they have way to go.

Agreed. What is the point of belittling the people that contribute to our paycheck? I mean, why not just call the guy a pedophile and be done with it.

God forbid Slashdot and Andover realize that the users are their revenue source (what little there is), and treat them with respect...for instance, we need a tool to /ignore posts with certain nicks, words, topics. No more OSM bullshit or goatse.cx.

Time to act like a business. A lot of us come here for information and insight into the community. We don't need all the crap that has become standard fare on Slashdot.

This article disturbs me. IRC is NOT always a public forum! If the channel you are in is marked as invite only, the public is denied by definition. Also, what about private messaging? I mean, if you're in #chat or #hotsex I'm sure you know what you do can/will/is logged and monitored, but what about in your own channel shared with friends?

The IRC servers are the backbone of the communications network, just like the phone company. Unless I misunderstand this article, this is no different than setting up equipment at the telco to automatically scan all conversations that occur in a conference call, is it not? How can this possibly be legal and acceptable?

This isn't so bad though. It's easy to set up your own private IRC server on a linux machine to communicate amongst friends easily, and you can even use SSH for more security (ssh to the machine then launch the client). It would be nice to see some encryption capabilities in XChat, though, hrmm, there's an idea..

...how this could possibly be construed as a violation of privacy. You say something in a public forum, you expect it to be read - by nefarious types as well as the intended audience. Personally, this sounds like a great tool to me. How much fun would it be to search for your handle and find people talking about you? Or searching for the name of some software you coded or something? This looks interesting to me.

Perhaps it's time to brush off the dust on some documentation of one of hundreds of dying/dead languages of say, Brazil, and teach the very basics to your co-conspirators/drug industry business associates/fellow human time-bombs/etc to much more effectively avoid snooping eyes. By the time "they" figure out which language it is, dictator x will be dead or y's embassy will be rubble or n tons of cocaine will already be in the US. Not that I advocate such behavior but I can see why the CIA feels the need to monitor the internet for such things - they need to have an advantage over any competition.

One of my hobbies used to be IRC, specifically the Undernet. During that time the Undernet volunteers that run the network discovered that eNow was using the network for their service without prior permission or discussion with the Undernet's administration. I made contact with eNow and requested they not use the network in their service as all of Undernet's resources are donated and in my personal opinion I didn't think it was "right" for eNow to generate revenue from our loyal users and the resources donated by 40+ organizations around the world...especially when those organizations made no direct profit from the IRC service they were providing. At any rate, eNow willingly suspended using the Undernet as one of their networks for the service, however that was some months ago and I have since resigned and don't know if they currently use it. The best advice to avoid this is to:

A) Avoid IRC and search newsgroups
B) Use IRC and just use your head...IRC is Internet Relay Chat...just because you are on an IRC network it doesn't mean that the information on that network is not relayed somewhere else.
C) Interact with humans. Really...many of them are quite informed.

/iamabot aka SnApDaD@undernet.org

and why the hell would you want to scour the IRC channels except if you feel that you could bust warez pirates and kiddie prOn peddlers? think about all of the meaningless banter that you'd have to record and store somewhere.

Judges? Bzzzzttt!!!! Wrong answer! If I understand you well, you only have meaningless conversations and w4r3z t4lk on IRC. I disagree. And even if my conversations are meaningless to you, they might be very interesting for someone else (FBI, News Papers, my employer, etc..)

Anon sez:

> Like there are robots exclusion standards in Usenet (x-noarchive), and on the web (robots.txt), we should probably make some similar standard for IRC.

Umm, sorry to burst your bubble, but those "standards" can be and often are ignored, making them as useful as the proverbial tits on a bull.

The "X" in X-No-Archive:Yes doesn't mean it's a header that MUST be followed/obeyed. There are at least several sites (one example off the top of my head being the one run by the postmaster of Missouri FreeNet) that archive posts marked with the no-archive tag.

As for robots.txt? If a company or individual really wanted to see what was on pages which were listed in robots.txt as "don't go there," there's absolutely nothing stopping them from modifying their scanbot to ignore the imposed restrictions. Hell, even spamware programmers can do it with their web harvestbots. What makes you think a company with $BIGNUM budget and loads of generally talented people can't?

I suspect that any such standard agreed on for IRC will run into the same problem: there's no penalty for ignoring the rules. As has been shown in other posts in this thread, the chatbots are already ignoring already-existing rules/protocols like "no bots," and actively dodging present bans/filters instituted by IRC network operators and the Ops in various channels whose main goal, in general, is to keep the available resources useable. What's a few more unenforceable (by the design of the system) rules ignored when on a quest for the almighty $CURRENCY_UNIT ?

> If a compromised server then attaches itself as a member of a larger network, by force or by guile, then you have Echelon/Carnivore proportion snooping possible, without one shred of "annoying flyby" behavior detected by the visitors to the network, or even to the other servers on the network

This argument sucks. If I attach a compromised server to the phone network, I have no expectation of privacy there? Or hell, I use a "compromised" mail truck to deliver mail - do I have no expectation of privacy there, too?

Anything can be compromised. The law should work such that the public impression of the medium is all that matters - and I suspect that this is how it works. I don't even think you can tap a public phone in the United States without an extremely specific warrant (I might be wrong here). I wish we had some engineers that were judges, for some reason it feels like the FBI is trying to pull a fast one whenever possible.

How do *Secure Sockets* work for a phone call? Or when Carnivore scans all email at the ISP? Sure you can use security for some things, but half the businesses out there sell your data. Buy a house and Home Equity Loan applications will fill up your mailbox.

There are so many different ways that information can be gathered. If you are concerned about privacy, is IRC going to be your battleground?

I believe Emmett has missed the point here. This eNow issue is not about privacy. Obviously, if you are in a public channel, privacy is irrelevant.

The point here is that a VC funded start-up dot com is using the resources which Admins and their sponsors donate for free, to supply the content for their site. If you read all the information on their site they talk about 'affiliate schemes' and 'premium areas'. This is not a non-profit making organisation, they quite clearly intend to make money from Chatscan either by advertising or by brand-building until they reach a stage where they can either float or be bought out.

IRC admins put their servers up for the personal use of others, not so some start-up company can leech bandwidth (no matter how small), and use our resources to make themselves rich.

My server has a 'No Bot' policy. Did they take this into account? Did they hell. They have broken my server's AUP and, from what other admins have said, they are ban evading and getting these bots on to the network in any way they can.

Deja, Inc. has demonstrated what happens when people rely on internet archives:

All of a sudden, it becomes "uneconomical to maintain" them, despite the fact that disk space has been dropping in price at a rate that exceeds just about all other aspects of the information economy and hit rates are growing despite every effort to bury the archives beneath a bogus "business" like product reviews.

Since it is "uneconomical to maintain" them, there is, of course, no reasonable amount of money you can offer to retrieve information from said archives.

Go ask Hypatia about such centralized archives -- she may be getting old enough to tell you something of her daddy's history with the Xanadu project.

In due time, the high priests of the Vatican Library will ensure your secrets will be kept "safe".

For a phone call you want to digitize your audio first, scramble, then send that down the phone line. On the other end they descramble, pipe to DAC, amplify and listen. Just like that you have secure voice.

We run a small IRC Network, and we noticed strange excessive second-long connections. We investigated and we found ChatScan. So we k-lined them...

This service ignores our Acceptable Use Policy (no bots), and they weren't long enough online so that we could try to contact them, or check the version reply or something.

As long as they won't support some kind of opt-in scheme, this is evil.

Cord

PS: The concept of scanning a channel for a minute every hour is also a bad idea which doesn't honor the concept of IRC Realtime Conservation. In most channels the topic of discussion can change every minute.

This came in on the chatscan mailing list hosted by afternet; go to http://mail.afternet.org/mailman/listinfo/chatscan to subscribe; to post, send a mail to chatscan@afternet.org.

From: "Edo Segal"
To:
Sent: Monday, July 24, 2000 10:15 PM
Subject: [Chatscan]eNow suspends service to IRC networks

Folks,

Very short and to the point: We have suspended our service to all IRC servers... The bots are on vacation until further notice. They were very tired :)

War with the IRC community is not on our agenda. On the contrary we set out with a goal, a mission to serve the IRC community and to help it evolve. We respect your needs and are working with some of you to accommodate your requests. We are confident that our discussions with the Networks will be fruitful and that we when were launch shortly after the problems that you brought are accommodated for.

We suggest that you look at enow as an opportunity to evolve the world of IRC. Look beyond the technical annoyances that may currently obscure the large picture, the vision of creating a searchable dynamic space, where people can connect and find topics of discussion as they evolve, contribute to them and add to the totality of the cyber space we roam.

As opposed to the many other companies that have abused the IRC community and are spamming and monitoring it, we set out to create a service for the community. To make it the most advanced chat network on the planet. More robust than the commercial networks, on the forefront as it should be, being the creator of the space to begin with.

Change is always difficult. Consensus is hard to achieve. This is a process and obviously our system as it is today is a nuisance to you folks. We are confident that we will find a way, with you, to make it work for you.

Regards,
Edo Segal
CEO eNow

"Never doubt the power of a few passionate individuals to make a difference, in fact it is the only thing that ever has."
_______________________________________________ Chatscan mailing list Chatscan@afternet.org http://mail.afternet.org/mailman/listinfo/chatscan

As being an admin on one of those IRC networks it searches - to be exact - they are a pain in the ass. They come in with different IPs, different nicks. However ChatScan is starting to cooperate with the (pissed off) irc networks - so that they will be easier to recognize. They do not register any conversation, just make an analysis of the talk - and categorize them by some kind of AI. So you cannot see what mafiaboy wrote yesterday on #l33thax0rs. May be good, but they should be a selectable thing and they should have talked with the networks they search first.

I think this tool could actually be pretty cool, I've IRCed for years (and finally gotten rid of that habit) and it happens a lot that channels with obvious names are either in constant takeover-wars or contain only idlers (somehow people think it's hip to be in certain channels 24 hours a day.) The interesting discussion often takes place in other channels. So if you can search through the actual text in real-time, that's a great solution!

Concerning privacy, the structure of IRC makes it a very dangerous place to talk about stuff that's illegal, since private messages go through the server too (so the servers can log everything), except for DCC Chats, which can't be monitored by ENow either. So this doesn't change anything.

Gee, I forgot that the onus of my rights was entirely on me. Stupidly I go outside not wearing a bulletproof vest. I mean, if I'm not interested in being shot, maybe I shouldn't be walking around without one?

Give me a break.

The same group that is having a big to-do (and rightly so) about Carnivore is saying that it is okay to snoop around on IRC?

I most seriously doubt this is going to be implemented by putting a bot in every channel. I just hopped on Efnet, Undernet, and Dalnet, looking for the nicks that were scrolling by in their little java applet, I couldn't find any of them in any of the channels they had listed. No, my guess is that someone is taking a rogue ircd server and just hauling everything that comes through onto eNow. I couldn't find anything about the specific implementation on their website, though I didn't look for more than a few minutes.

But, if you are upset about Carnivore, you should be upset about this. Anyone know anything about this besides the pretty brochure? I suggest some harsh asskicking on this. I'm not doing mindshare so someone can make a buck off of my thoughts with my friends. What's next, putting microphones at tables in restaurants?

Unless of course you are running IE on a Mac, in which case nothing happens. The same is true with Netscape on Mac for that matter. I may take a look from one of the Windoze boxes at work Monday, but it probably doesn't work from 2000 or something else moronic.

Perhaps this is in some way related to Echelon [aclu.org]. Supposedly they track a very large percentage of all e-mails, phone calls etc. Maybe this is just another extension to it. Whatever the case, whether this is part of Carnivore or Echelon or just a useful utility for cataloguing and searching channels, it would serve us well to keep an eye out for potential misuse / invasion of our privacy.

They change nicks all the time. Tolfwin one second, podar the next, and sometimes more than 10 bots on our network at any one time.

They change IP addresses all the time. When I first encountered these bots on our network, they were coming from about 4 IP addresses. Now, I've seen dozens of ranges of IPs they come from.

They change ISPs. The vast majority of the ones we see on our network are now from the Earthlink dialup pool. Ban all of earthlink from the network? I don't think we should have to akill a whole ISP just for one stupid company.

Even if you ignore the privacy issues, these bots answered our AKILLs by evading them. This is in direct violation of our AUP, and is unauthorized access to the network. Violating our network's rules, entering where they are not welcome... these are not just regular bots.

But don't think the users want them. Our network implemented a workaround that will ban (most of) these bots (As well as dozens of users, don't think it's a perfect solution) from any channel where the feature is enabled. For the next two days after we designed this feature, we had a flood of people into our main help channel asking how to turn this feature off - and ban the bots.

Users don't want them, IRCops don't want them, admins don't want them, who DOES want them? The company that probably hopes to make money off advertising on their page. These bots don't benefit anyone but eNow, and I don't think we should have to spend our time and energy designing ways to ban bots that no one wants there anyway.

The new version of licq [licq.org] supports encrypted messages. So long as you have another way of verifying identity (Secure Shell Server Key, Certificate on their webserver, They tell you where you have a birthmark no one knows about, etc.), it can be very private and secure. You said: "every last scrap of information about you will now be collected unless it's your e-mail." Actually, there are probably copies of your old e-mails floating around. They could be on the server the message was sent from, the server the message was sent to, any system on the same subnet as those servers, any system in between, and any system belonging to someone who has access to the aforementioned systems.

I am both a channel admin and a server admin, but the channel admin work I do is far more important, as it is for a national radio show, who does interviews in the "cyber lounge". Recently, these bots have appeared, and drive me up the wall when the channel is quiet. Sometimes when I log back in in the morning, there are just screens full of chatscan join/parts. Simple way I fixed this was to set the channel mode +p (private), but in doing this, the channel will no longer show up in channel listings.

ENow should consider having a web based "opt-out" interface, where you simply put in the name of your channel, and the network from a drop down list, hit ok - it is erased from the join/part list.

First of all, that editorial comment by emmett was in poor taste. Second, plenty of private conversations, either personal or business, are held on IRC. People that have meetings on IRC that require privacy include linux.com, themes.org, and many others.

The software they developed scanned through the closed-captioning of all channels it had access to, and as soon as a search string was encountered, the rest of that program (full video) was recorded to the hard-drive

I don't know if this is the company you are referring to, but Virage [virage.com] makes this VideoLogger [virage.com] program that does that sort of thing....

This story is oooold. Read about in Wired like 2 weeks ago (in print, even)..Pissed me off, because a friend of mine were tossing around the idea of doing something like this before we found out it already existed. Heh

Did anyone over at enow.com ever think that this little chatscan thing would be annoying to real IRC users? I took notice to this thing quite a few months ago on Chatnet. I noticed the same kind of thing -- random nick, random uname -- coming from 3 different places. I assumed it was a bot because it never spoke and never responded to anything, and proceeded to ban it. Then it came back from other places, and at this time I thought it might be some kind of trojan that goes on IRC to tell its "l33t hax0r" where the trojan has been installed (like sub7). I banned those places as well. Within the past few weeks, dozens more have been entering and leaving, or entering and idling. All the join/parts and idlers are starting to get annoying... and this thing hasn't even caught on much yet. What about when and if this search engine (which I feel is useless unless people are interested in reading about me and my friends being bored all the time) becomes popular? Will we be dealing with constant join/parts and idlers from all sorts of places? It's hard to ban these things when they don't always come from the same place. Granted, many come from the enow.com site itself, but many more are from people's private connections. I've taken the liberty of making my channels +s, but I am not sure how long that will even hold out. And of course, making my help channels (#linux, etc) +s will tend to keep out real users needing help.

I'm an avid IRC user.. I have been for a long time, and will probably continue. I hang out on superchat -- a relatively obscure network that isn't really bothered by advertisers, spammers and the like. This changed when Chatscan dropped in. Every 23 minutes, on the dot, a random nick would enter and exit the channel -- every 23 minutes. This nick came from a dialup account, and is obviously designed to get past bans. ChatScan may have a good concept -- but their execution is terrible. Not only do they not show who they are, what they are, who sent them, etc... (maybe relevant info in a whois..) but they don't ask either.

As a result of this bot, the whole dialup-bradley.earthlink.net host was banned, since they couldn't make it any more specific, and I was also in that k-line. I cannot condone ChatScan, they use subversive methods to power their "search engine" and every 23 minutes doesn't even make it current!!!

In my opinion, if a company wants to log channels, they need to ask the administrators of the network -- AND the administrators of the channel for permission. Otherwise, it hurts random users like myself.

One equal temper of heroic hearts, Made weak by time and fate, but strong in will

Obviously, the "Privacy on IRC" issue is a non-issue. There IS no privacy on IRC. Well, not without doing some encryption...

As for the interface, take it a step farther. Or maybe two steps. Have an interface set up where you can say "I don't want your bots connecting to this network/server under any condition." OR "here is our network/channel information, please make it available on the list."

What I'd like to see, as a server admin, is a public listing of the source IP's of the Bots, or have them use a consistent U@H configuration so a channel manager (IRCop, Admin) can selectively ban them. If they're obfuscating them in order to get around a server's AUP, then they have no business there and their "service" is an intrusion. If they ask first and are willing to stay out of where they're not wanted it's not such a big deal. If they aren't following the rules, they should be treated like any other lamer on the Net. K-Line them and send a complaint to their ISP. (I know. "Like that will do any good!")

I'm assuming, if there is a search engine that scours the IRC channels on multiple servers, that some entity would have to be within the said channel to record the conversations, otherwise, it would look like scattered conversations and they wouldn't have a location.

so if there is a bot in the channel, ban the bot. how hard is that?

and why the hell would you want to scour the IRC channels except if you feel that you could bust warez pirates and kiddie prOn peddlers? think about all of the meaningless banter that you'd have to record and store somewhere.

imagine all of the useless teenie-chatter about britney spears that would be recorded... ugh. talk about a waste of hard drive space.

so great, we now have a product that will record discussions, of which probably 99.999% is utter crap in one way or another, and more annoying bots to ban.

I'm also an admin on one of the large IRC networks and I've started to get pretty ticked off about the ChatScan bots. They were much worse a little while ago, but we complained like crazy and they relaxed a couple things. Some of them don't connect properly and keep cycling back and forth... with different IPs. Nasty things.

Yes that's right another one, go ahead and hit "Chat Now" you get a pretty Netscape Error window with a big Microsoft logo in it telling you to upgrade your browser to Internet Explorer 4.0. Would it really be that hard to write a java chat app that doesn't require IE?

Well, a bunch of IRCers would be unhappy about that. This is IRC, not a freaking AOL chat room. Quite personally, I don't like the "chat rooms" of the world, but I enjoy IRC because people at least tend to observe some protocol, culture, and are at least relatively polite. You get all kinds of assholes in "chat rooms." This could just be opening up IRC to a barrage of regular assholes. That said, IRC channels also tend to be tight-knit groups, and they don't always like outsiders. I'm not sure that I would want to search for channels using a search heuristic. Perhaps I'll enter "+linux -windows" and end up in a channel full of script kiddies who just happened to say linux and not windows within the past 30 mins. Also, how is the data accrued?

Hmm, while I do realize that privacy on irc is a mythical animal, is there any system for allowing a channel to "opt out" of this? I mean, channels can refuse to be shown in the /list, can be invite-only. While this sort of thing can be hacked, it's nice to keep some semblance of respect of privacy in such a potentially mainstream program as an IRC searchbot. Adding some sort of "unsearchable" tag to channels would be nice.

Now is it just me, or can this be considered an illegal interception of personal communications?

It appears (to me at least) that they are not using bots that can easily be booted out of channels where the participants don't wish to have their conversations recorded, but are using hacked (in the original sense) IRC servers that pull out content and analyse the conversations. Theoretically, are they not also guilty of collecting information about minors with the parent's consent, breaching copyright (You Own Your Own Words - literally), and breaking various laws in at least 3 countries I can think of off the top of my head (UK, US, Canada)?

The fact that they are making this information easily searchable is the problem (dodgy old men finding conversations between 10 year olds in seconds, along with the reasons given in the lead-in to the story), but I think they probably aren't the first people to have done this in private - I'm sure the feds in all sorts of places have this stuff rolled out in back rooms of ISPs.

For those who haven't had the pleasure of having their favorite server attacked by chatscan, let me explain how this works.

Since most IRC servers only allow a single person to be in so many channels at one time (normally between 6 and 10), the chatscan bot has to continuously enter and leave the channels on a server in order to "scan" all the channels. Unfortunately, the wait for the chatscan bot is about 15 seconds. So all you see is:

Now, depending on the size and number of channels on your server, this will happen about 7-15 times an hour. It gets annoying *real* fast. If you try to ban them, which is actually pretty hard, the bot calls one of its other buddies to come in and scan the channel for it. It also uses a different, unusual name each time it enters and won't admit to being a bot.

They also don't ask permission of the server owners who sometimes like to ban bots, or only allow certain useful bots onto the server.

Overall, it might be a decent idea, but their way of implementing it *sucks*. I post a list of the bans I use, but am not certain which ones are chatscan bans and which are actual bans.
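Added example, not part of the comment above or of any network's tooling: since banning by nick or host fails against rotating identities, a channel or network operator can instead flag the behaviour described here (silent join, roughly 15 seconds in channel, part, repeated several times an hour from different nicks and hosts). The log format, nicks, hosts and thresholds below are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log; the line format "HH:MM:SS EVENT nick user@host #channel"
# is an assumption for this example, not a real IRC server or client log format.
SAMPLE_LOG = """\
12:00:00 JOIN alice al@home.example #help
12:00:40 MSG alice al@home.example #help
12:03:10 JOIN qwzrt a1@dial-11.isp.example #help
12:03:25 PART qwzrt a1@dial-11.isp.example #help
12:11:02 JOIN mplok b2@dial-47.isp.example #help
12:11:17 PART mplok b2@dial-47.isp.example #help
12:15:00 JOIN bob bob@work.example #linux
12:15:12 PART bob bob@work.example #linux
12:19:30 JOIN vrnax c3@dial-03.isp.example #help
12:19:45 PART vrnax c3@dial-03.isp.example #help
12:27:44 JOIN tzelu d4@dial-90.isp.example #help
12:27:59 PART tzelu d4@dial-90.isp.example #help
12:30:00 JOIN carol c@home.example #help
12:30:20 MSG carol c@home.example #help
12:30:25 PART carol c@home.example #help
"""

def parse(line):
    """Split one log line into (seconds_since_midnight, event, nick, userhost, channel)."""
    ts, event, nick, userhost, channel = line.split()
    h, m, s = map(int, ts.split(":"))
    return h * 3600 + m * 60 + s, event, nick, userhost, channel

def silent_visits(log, max_stay=30):
    """Per channel, list (join_time, nick, userhost) for visits that ended
    within max_stay seconds without the visitor sending a message."""
    open_sessions = {}            # (channel, nick) -> [join_time, userhost, spoke]
    visits = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        t, event, nick, userhost, channel = parse(line)
        key = (channel, nick)
        if event == "JOIN":
            open_sessions[key] = [t, userhost, False]
        elif event == "MSG" and key in open_sessions:
            open_sessions[key][2] = True
        elif event == "PART" and key in open_sessions:
            joined, host, spoke = open_sessions.pop(key)
            if not spoke and t - joined <= max_stay:
                visits[channel].append((joined, nick, host))
    return visits

def flag_channels(log, max_stay=30, min_visits=4, window=3600):
    """Flag channels with at least min_visits silent short visits in any
    window-second span. One quick silent visit (a person who joined the wrong
    channel) is not enough; the repetition across identities is the signal."""
    flagged = {}
    for channel, v in silent_visits(log, max_stay).items():
        v.sort()
        for i in range(len(v)):
            in_window = [x for x in v[i:] if x[0] - v[i][0] <= window]
            if len(in_window) >= min_visits:
                flagged[channel] = {
                    "visits": len(in_window),
                    "nicks": sorted({x[1] for x in in_window}),
                    "hosts": sorted({x[2] for x in in_window}),
                }
                break
    return flagged

if __name__ == "__main__":
    print(flag_channels(SAMPLE_LOG))
```

The flagged entry lists the nicks and hosts seen, which is the evidence an operator would attach to a complaint or use to judge how wide a ban would have to be.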

A friend of mine worked for a company for quite some time that does similar stuff with television. The software they developed scanned through the closed-captioning of all channels it had access to, and as soon as a search string was encountered, the rest of that program (full video) was recorded to the hard-drive.

Unfortunately I've forgotten the name of the company, but a web search should turn it up for anyone who's interested. Canadian based (Ottawa I think).

Their major customers were media companies such as TV stations and newspapers, and the military! The next generation of software they were developing was supposed to be able to look for specific types of video frames; i.e. all news programs with a talking head, automatically editing out (or selecting only) their actual news video footage. This is really cool stuff, but I don't find it surprising at all that things like this are now being applied to IRC and more "common" internet channels.

many of the users complain not for privacy reasons, but for the fact that these bots /join/part every ten minutes. We at afternet (http://www.afternet.org) actually got the people to remove the bots, but soon thereafter they came back. We're talking with the CEO of the corporation, and others, and trying to do what we can to get these annoyances off of our network.

apparently the plan from chatscan is to make a global directory of channels, which will be available for any users to search through. In theory, the idea is great, but in practice, they've botched everything up. these bots are an annoyance, and users ban them from their channels.

We have also found a secret IRC network that they were planning to debut or something, we found it rather interesting, because there were bots in many many channels just spewing out random conversation, probably from the spybots themselves.

if anyone wants any information on these bots, or any logs of the discussion with the chatscan people, you can mail me at hurt@etheria.cx

While I admit that it sounds like their implementation is poor, *any* IRC server could be watching *every* conversation going through it, *including* private messages (except for DCC chat contents) simply by being compiled with debug code, and enabling it.

IRC is not private. The Internet is not private - any router along the way could be listening in on what you're doing. And given that there are probably at least 20 hops between you and your friends across the country, there is a lot of potential for someone to listen in.

Your examples include snooping (1) a professional commercial telephone system, and (2) a government delivery agent.

Nearly all IRC networks are run on donated CPU time, donated CPU bandwidth, by volunteer effort, and with massive "who-knows-who" cadres of IRCops, few of whom have even seen photos of each other, nevermind gotten strict legal assurances of conduct.

If someone believes that such grassroots organizations are 100% trustable down to the last individual, then I suppose that they're asking for their secrets to be exposed.

I, however, assume that anything I say on BBSs, IRC, Slashdot, and anything else published or broadcast without physical seal or secure transmission, may be used in court or on the front cover of a tabloid someday.

ANDOVER, PA - A local company going by the name of PRIVACY ENFORCERS, will (for a small fee) search through your friends' and neighbors' mail, garbage, and phone communications, to ensure that they are not invading your right to privacy.

Mr. Swindle of the FTC, was enthusiastic - "This is a great way for the American people to take control of their privacy, and ensure that they are not being tracked, watched or recorded by neighbors, co-workers or large corporations."

PRIVACY ENFORCERS retains records from all surveillance for your convenience, and charges only a modest fee, for future searches through said data. PRIVACY ENFORCERS keeps this cost to you low, by selling data to recoup expenses.